The Green Party is calling for significantly tougher penalties for serious privacy breaches, arguing New Zealand’s current laws are no longer strong enough to protect personal data in an increasingly digital economy.
The proposal follows growing concern over cyber security risks and the handling of sensitive information by private companies and organisations, including the recent Manage My Health data breach that affected thousands of New Zealanders.
Greens Seek Stronger Powers for Privacy Commissioner
Under the Greens’ proposal, the Privacy Commissioner would be given stronger enforcement powers, including the ability to seek major financial penalties through the courts.
The party wants fines of up to $500,000 for individuals responsible for serious privacy breaches, while corporations could face penalties as high as $10 million.
At present, New Zealand’s privacy framework has been criticised by some legal and consumer advocates for lacking meaningful financial consequences when organisations fail to adequately protect customer information.
Green Party Co-Leader Marama Davidson said the recent Manage My Health hack highlighted weaknesses in the current system and demonstrated the need for stronger accountability.
She said some companies continue to treat the personal data of New Zealanders as an afterthought because there is little incentive to invest properly in privacy protection.
Privacy Penalties Compared to Commerce Act Breaches
Davidson said the proposed penalties would bring privacy enforcement closer to the standards already applied under the Commerce Act.
Speaking to broadcaster Heather du Plessis-Allan, Davidson said privacy protections should carry consequences comparable to other major regulatory breaches affecting consumers and the wider public.
The Greens argue that stronger penalties would encourage businesses to improve cyber security systems, staff training, and data management practices before breaches occur.
Growing Focus on Data Protection in New Zealand
Privacy and cyber security have become increasingly prominent issues across New Zealand’s public and private sectors, particularly as more health, banking, and government services move online.
The Manage My Health incident intensified debate around how sensitive medical information is stored and protected, especially as cyber attacks targeting healthcare systems continue to rise globally.
Experts have warned that inadequate security measures can leave individuals vulnerable to identity theft, fraud, and misuse of personal information.
New Zealand’s Privacy Act already requires organisations to report serious privacy breaches, but critics say enforcement options remain limited compared with countries such as Australia and members of the European Union, where regulators can impose far larger penalties.
Courts Would Decide Any Financial Penalties
Under the Greens’ proposal, any fines would still need to be approved through the courts rather than issued directly by the Privacy Commissioner.
The party says this would ensure due legal process while still creating stronger deterrents for companies that fail to meet their obligations.
The proposal is likely to add to wider political discussions around cyber resilience, digital infrastructure, and consumer protection as New Zealand businesses continue to expand their online services.
Conclusion
The Greens’ push for tougher privacy penalties reflects growing concern over how personal information is handled in New Zealand. With cyber threats becoming more sophisticated and data breaches increasingly common, the party argues stronger enforcement powers are needed to ensure organisations take privacy obligations seriously.
“Beer enthusiast. Subtly charming alcohol junkie. Wannabe internet buff. Typical pop culture lover.”